To:
Bruce Campbell <bruce.campbell@ripe.net>
CC:
dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Thu, 31 Oct 2002 16:15:07 +0859 ()
In-Reply-To:
<Pine.LNX.4.44.0210301848420.27280-100000@x22.ripe.net> from BruceCampbell at "Oct 30, 2002 07:21:57 pm"
Sender:
owner-dnsop@cafax.se
Subject:
Re: DoS and anycast
Bruce; > This secures the backchannel. This does not stop the individual anycast > roots from being the subject of DoS attacks. Given that we do not see a > definitive way to stop _all_ DoS attacks[1], we should focus on making > sure that the data retrieved is authoritative. Hugh? Protection against DoS attacks and proteciton against forgery are conceptually orthogonal. Note that an ISP may run anycast root servers on all the 13 root server addresses that DoS on some does not redirect query to a root server operated by someone else. > Hence, we're back to the > previous thread on this list, being a proposal to sign the root zone. Even if you believe in public key cryptography, what's wrong with https? Masataka Ohta #---------------------------------------------------------------------- # To unsubscripbe, send a message to <dnsop-request@cafax.se>.